I’d like to build a custom geo-ip based blacklist. I’ve already found that geoip-enrich is required to populate such a geoip-database. However, I am stuck on the custom blacklist part. I can find a way to integrate geoip-enrich within the whitelist, but I would like to do the exact opposite.
Is this at all possible using CrowdSec?
Thanks in advance
What exactly are you trying to achieve with the blocklist?
Assuming you’re using a bouncer that supports it, you can ban all traffic from China for 4h like this:
cscli decisions add --scope country --value CN
CrowdSec would not be the most obvious tool for perm blocklisting as it would always block based on behavior. So if you’re looking to write a scenario that issues a ban per country you should take a look at this article.
If you have further questions I would advise you to join our Discord server - the community there is much more active. We also have Discord-specific events like workshops, talks and AMAs. The invite link is CrowdSec.
Have a great day
Hi @klausagnoletti! Thanks for your reply
I have resolved this issue in a different manner, using this guide